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Abstract. This paper presents a non-interleaving denotational semantics for the 7r-calculus. The 
basic idea is to define a notion of test where the outcome is not only whether a given process passes 
a given test, but also in how many different ways it can pass it. More abstractly, the set of possible 
outcomes for tests forms a semiring, and the set of process interpretations appears as a module 
over this semiring, in which basic syntactic constructs are affine operators. This notion of test 
leads to a trace semantics in which traces are partial orders, in the style of Mazurkiewicz traces, 
extended with readiness information. Our construction has standard may- and must-testing as 
special cases. 
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1 Introduction 

The theory of concurrency has developed several very different models for processes, focusing on 
different aspects of computation. Process calculi are an appealing framework for describing and 
analyzing concurrent systems, because the formal language approach is well suited to modular 
reasoning, allowing to study sophisticated systems by means of abstract programming primitives 
for which powerful theoretical tools can be developed. However, the vast majority of the semantic 
studies on process calculi like the 7r-calculus have focused on the so-called interleaving operational 
semantics, which is the basic definition of the dynamic of a process: the interaction of a program 
with its environment is reduced to possible sequences of transitions, thus considering that parallel 
composition of program components is merely an abstraction that represents all possible ways 
of combining several sequential processes into one. 

There is clearly something unsatisfactory in this state of things. Although sophisticated 
theories have been established for interleaving semantics, most of which are based on various 
forms of bisimulation, they fundamentally forget the crucial (and obvious) fact that concurrent 
processes are intended to model situations where some events may occur independently. Attempts 
at recovering this notion of independence in existing theories have been made, for instance in 
the form of subtle variations on bisimulation or by fully abstract encodings of non-interleaving 



semantics into interleaving ones (in particular in Sangiorgi's work on locality and causality [13 
[3]). More recently, the old idea of Winskel's interpretation of CCS in event structures [TJ has 
been revisited by Crafa, Varacca and Yoshida to provide an actually non-interleaving operational 
semantics for the 7r-calculus, using extensions of event structures 5J. 

This paper presents an attempt at defining a semantics for the 7r-calculus that is both non- 
interleaving (sometimes called "truly concurrent" ) and denotational, in the sense that the internal 
dynamics of a process is hidden, and only the part that is observable by other processes is kept. 
These two requirements may seem contradictory: "denotational" as we mean it leads to the 
definition of testing semantics, which in turn leads to trace semantics, which is very interleaving 
in nature. Indeed, consider the prototypical case of a | 5 versus a.b + b.a: how is it possible to 
distinguish them when looking at their interactions? Both can do a then 6 or 6 then a, but in the 
first case the paths a.b and b.a are in fact one same run since a and b are independent, while in 
the second case they correspond to two actually different choices. We solve the contradiction by 
elaborating on this simple idea: instead of checking whether a given process passes a given test, 
we check in how many different ways it can pass it. The word "different" here refers to different 
choices being made in situations of non-determinism, and not simply different orderings of the 
same actions. 

The approach presented here follows previous work by the author [T] on the search for 
algebraically pleasant denotational semantics of process calculi. The first step was to intro- 
duce in the 7r-calculus an additive structure (a formal sum with zero) that represents pure non- 
determinism, and this technique proved efficient enough to provide a readiness trace semantics 
(in the style of Olderog and Hoare [H]) with a complete axiomatization of equivalence for finite 
terms. The second step presented here further extends the space of processes with arbitrary 
linear combinations, giving a meaning to these combinations in terms of quantitative testing. 
This introduction of scalar coefficients was not possible in the interleaving case, because of the 
combinatorial explosion that arose even when simply composing independent traces; quotient- 
ing by homotopy is the proper solution to this problem. Growing the space of processes to get 
more algebraic structure is motivated by the idea that better structured semantics gives cleaner 
mathematical foundations for the object of study, in the hope that the obtained theory will be 
reusable for different purposes and that it will benefit from existing mathematical tools. 

Outline. In section [21 we define the calculus on which our study is built: a finite form of the 
7rl-calculus. An non-interleaving operational semantics is defined as follows: transitions are those 
of the standard calculus, decorated with the position of each action involved in a given transition, 
so that transitions are independent if they derive from actions at independent positions. Two 
execution paths are then considered homotopic if they differ only by permutation of independent 
actions. This technique is a variant of proved transitions introduced by Boudol and Castellani [3] 
and notably studied by Degano and Priami [6l [7] . 

In section [31 the notion of test is defined. Outcomes are taken from a semiring IK in which 
multiplication represents the parallel composition of independent results and addition represents 
the combination of outcomes from different (non homotopic) runs. Processes are equivalent if 
they yield the same outcome in all contexts. The space of process equivalence classes appears a 
K-module, on which the outcome is a linear form, and syntactic constructs are affine operators. 

In section [31 we derive a first denotational semantics of processes as linear forms over this 
space, in a construction similar to that of the theory of distributions. This construction provides 
an abstract interpretation of recursive processes without having to include them in the initial 
construction of tests. 

In section [5l we further describe the space of finite processes by showing that every finite 
process is a linear combination of traces. Our notion of trace is an asynchronous variant of the 
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traces induced by standard semantics: they are partially ordered finite sets of actions, augmented 
with readiness information. This provides a second, more concrete denotational semantics that 
illustrates the expressiveness of our notion of test. 

Finally, in section [6l we show that standard forms of test are particular cases of our construc- 
tion, obtained by choosing an appropriate semiring for outcomes. 

Future and related works. The present work is by no means a complete study of quantitative 
testing semantics and its possible applications, but rather a presentation of the basic ideas and 
their consequences. A first objective is to clarify the relationships between the two proposed 
semantics, possibly by establishing that traces form a basis of the space of processes (maybe by 
using a ring or field instead of a semiring for outcomes). Another challenging direction for future 
work is using the linear-algebraic interpretation for specification of processes, using tools like 
differential equations to specify behaviours; this should provide a reconstruction of the semantics 
on arbitrary vector spaces instead of the concrete space of processes, which could be a way to a 
new family of denotational semantics for process calculi. 

Along with this long-term ideas, it is naturally interesting to extend our work with more 
features in the calculus. A more precise account of recursion is a desirable thing: surely infinite 
behaviours fit in our framework, but the present work does not study it in full detail for lack 
of space. External choice is a natural feature to add in the framework, but previous work [T] 
suggests that it is painless. Unrestricted name passing, on the other hand, is a more delicate 
matter, and we believe that getting a satisfactory understanding of the more regular case of 
internal mobility first is necessary to handle it. 

Several works by other authors are related to the present work. Crafa, Varacca and Yoshida's 
event structure semantics probably has very strong relationships with our trace semantics: it has 
to be expected that their event structures can be used as an intermediate between the process 
calculus and the traces, and that traces and outcomes can be deduced from configurations of 
the event structures. The operational semantics and its similarity to Mazurkiewicz traces also 
suggests that relations could be made with more abstract semantics, like Mellies and Mimram's 
asynchronous games [TOl E] . Previous work on the search for algebraic semantics of processes 
include Boreale and Gadducci's processes as formal series [2] , which has notable similarities with 
the present work, although their work is carried out in CSP. Finally, strong relationships are 
expected with differential interaction nets [9l [8] , which have linear algebraic semantics and are 
expressive enough to encode the 7r-calculus. 

2 Parallel operational semantics 

We consider the 7r-calculus with internal mobility, or TrTcalculus, extended with a parallel com- 
position without interaction and with outcomes from a commutative semiring K. We consider 
the monadic variant of the calculus for simplicity, but using the polyadic form would not pose 
any significant problem. The most important point is that we consider finite processes, without 
recursion, for the construction of our framework, and we handle potentially infinite behaviours 
in a second phase in section [H 

Definition 1. We assume a countable set TV of names. Polarities are elements of P = {|, f }. 
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P^P' pJ^^S^p' Q^lZMi^Q' p^p> 



a.P > _P n l.a 



^ ^ P\Q ii:^ I g'[x/y]) ('^^)^ ^ ('^^)^' 



P\Q^P'\Q Q\P^Q\P' PWQ^P'WQ Q\\P^Q\\P' 

Table 1: Transition rules 



Terms are generated by the following grammar: 

actions a := u'^{x) with u,x ^ N and e & P 

processes P,Q := k outcome, with fc e K 

a.P action 
_P performed action 
P I Q parallel composition with interaction 
P II Q parallel composition without interaction 
{vx)P hiding 

Terms are considered up to injective renaming of bound names and commutation of restrictions, 
i.e. {vx){vy)P = {yy){vx)P , with the standard convention that all bound names are distinct 
from all other names. 

The parallel composition without interaction allows us to write a term like a\\a which can 
perform the dual actions a and a independently but does not allow them to synchronize — this 
slightly extends the expressiveness of the calculus but not in a dramatic way, and it simplifies 
the theory. 

The prefix _ represents an action that already occurred. It has no computational meaning 
but has the effect that the positions of actions in the terms are preserved when reducing, which 
will simplify definitions below. 

We want to define an operational semantics in which commutation of independent transitions 
is allowed. In order to make this possible by only looking at transition labels, we have to enrich 
the labels so that different occurrences of a given action are distinguishable. We do this by 
simply introducing in each label the positions in the syntax tree of all actions involved (as a 
consequence, the operational semantics cannot be defined up to structural congruence). 

Definition 2. A position is a finite sequence of integers. The concatenation of l and k is written 
t.K, the empty position is written e. The prefix order is written ^ and two positions l and k are 
independent (written l // k) if they are incomparable. 

Definition 3. Transition labels can be of one of two kinds: 

a, b :— u'^{x) : l visible action 

(t, k) internal transition 

For a label a and a position i, i.a denotes the label a where each position k is replaced with l.k. 
Transitions are derived by the rules of tabled] 

An interaction is finite sequence of transition labels. A path is a finite sequence of internal 
transition labels. An interaction p — aia2 . . . a„ is valid for P, written p G P, if there are valid 
transitions P — '-^ Pi • • • P„. 

This technique can be seen as a version of Boudol and Castellani's proved transitions [U [7] 
simplified for our purpose. It is clear that for all term P and interaction p £ P, there is exactly 
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one term P/p such that there is a transition sequence P — > P/p (up to renaming of revealed 
bound names). Remark that by removing all positions from labels (replacing ((-,«;) by r) one 
gets the standard labeled transition system for the 7rl-calculus. 

Definition 4. Two labels a and b are independent (written a // h) if all positions in a are 
independent of all positions in h. Homotopy is the smallest congruence w over paths such that 
ab « ha when a // b. 

Two execution paths of a given term are homotopic if it is possible to transform one into the 
other by exchanging consecutive transitions if they are independent. Prefixing generates local 
constraints which propagate to paths by this relation. A first remark is that transition labels 
contain enough information so that homotopy does not depend on the term in which paths are 
taken. 

Proposition 1. For all term P and all interactions p,q such that p k, q, p ^ P if and only if 
q € P, and then P/p = P/q- 

Proof. The basic case \s p = ah and q = ba for some a and b with a // b. We thus prove that 
for any pair of transitions P ^ Q ^ R with a / 6, there is a term Q' such that P ^ Q' ^ R. 
Proceed by induction on the derivation oi P ^ Q. 

• The case of the action rule a.P _P cannot happen since no position is independent of 

£ but h is supposed to be independent of a : £. 

• In the case of the _ rule, we have _P _Q _i? and we can proceed by induction on 

P ^Q^R. 

• In the case of the interaction rule, we have a = (l.t, 2.k) for some positions l and k, and 
the second transition starts from (i/x)(P' | Q'[x/y\). Reason by case analysis on the shape 
of this second transition. If all positions in b start with 1, then h — 1.6' for some b' and 

the second transition comes from P' P", so we can apply the induction hypothesis 

on P '•■^y^-'-^ pi pii transitions P ^ R ''^'' "'^ '^ P", from which we deduce 

P I Q — > P I Q — > {vx){P" I Q'). If all positions in b start with 2, the same argument applies, 
the substitution of x for y is innocuous since it only affects actions prefixed by u~'^{y). If 

b = {l.i',2.K') for some i' and k', then wo have P' '''^ > P" and Q' ~ — ''^ ^'^ > Q", so 
we can apply the induction hypothesis on P and Q independently, from which we deduce 

P I Q {vx'){P"' I Q"'[x'/y']) ^ {ux'){ux){P" \ Q"[x' /y' ,x/y]), which concludes this case 
since the substitutions [x/y] and [x' /y'] are independent and the order of restrictions is 
irrelevant. 

• The {ux) context rule is obvious. 

• In the right context rule for parallel composition, we have a = l.o' for some a' . If h = 2.6' 
for some 6', then a occurs in P and 6 occurs in Q, so they obviously commute. If 6 has 
the form a : l.L, then we proceed by induction in P. If 6 is a label ((-, k) with one of t, k 
starting with 1, then we proceed by induction on the visible action at this position, in a 
similar way as for parallel composition. 

• The other context rules for composition with and without interaction are similar. 

The general case follows. □ 
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Definition 5. A pre-trace is a homotopy class of interactions. A run is a homotopy class 
of maximal paths. The sets of pre-traces and runs of a term P are written V{P) and Tl{P) 
respectively. The unique reduct of a term P by a pre-trace p is written P/ p. 

Runs arc the intended operational semantics: they are complete executions of a given system, 
forgetting unimportant interleaving of actions and remembering only actual ordering constraints. 
A pre-trace can be seen as a Mazurkiewicz trace on the infinite language of transition labels, 
with the independence relation from definition [51 except that, because of our transition rules 
(and because of the use of the place-holder _), each label occurs at most once in any interaction. 
A crucial fact is that pre-traces are uniquely defined by the set of their labels: 

Proposition 2. Let p and q be two interactions of a term P such that p and q are permutations 
of each other, then p ^ q. 

Proof. We first prove that for all interaction ai . . . a„b G P such that 6 G P we have oi . . . a„6 « 
bai . . .an, by induction on n. The case n = is trivial. For the case n ^ 1, remark that the 
hypothesis implies ai // b: if some position in ai was less than a position in b then b could only 
occur after ai, which contradicts b ^ P, and ai E P also implies that no position in b is less than 
a position in a. Therefore we have bai G P and bai « aib. Applying the induction hypothesis on 
P/ai yields ba2 . ■ .an ~ a2 . . . a„6 from which we conclude. The case of arbitrary permutations 
follows by recurrence on the length of p and q. □ 

Definition 6. Let P be a term and p G ViP). By proposition [21 p is identified with the set of 
its labels. The causal order in p is the partial order on labels in p such that a b if a ~ b 
or a occurs before b in all interactions in p. 

This presentation is much simpler to handle than explicit sets of runs, so this is the one we will 
mainly use. Interactions that constitute a given pre-trace are simply the topological orderings of 
this partially ordered set of transitions. Traces are a further quotient of pre-traces, defined and 
studied in section [H 

3 Quantitative testing 

We now define a form of observation based on interaction, in the style of testing equivalences, 
that takes homotopy into account. Standard testing naturally leads to interleaving semantics, so 
we have to refine our notion of test, and that is what outcomes are for. The set K is a semiring 
in order to represent two ways of combining results: the product is the parallel composition of 
independent results and the sum is the combination of results from distinct runs. 

Definition 7. The state s{P) G K of a term P is the product of all outcomes in active position 
in P: 

s{k):^k, s{a.P):=l, s{.P) := s{{ux)P) -.^ s{P), s{P \ Q) -.^ s{P \\ Q) -.^ s{P) s{Q). 

The outcome of a term P is (P) — J2peTZ{P) ^i-^/p)- terms P and Q are observationally 

equivalent, written P ~ g, if (P | P) = (Q | R) for all R. 

Classic forms of test intuitively correspond to the case where K is the set of booleans for the 
two outcomes success and failure, with operations defined appropriately. This particular case is 
detailed in section [6l 
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3.1 Basic properties 

Theorem 1. Observational equivalence is a congruence. 

Proof. Consider a pair of equivalent processes P ^ Q. Let a be an arbitrary action, we first 
prove that a.P ~ a.Q. Let R be an arbitrary process. The set TZ{a.P \ R) can be spht into 
two parts: the set T^o of runs where the action a is not triggered and the set TZi of runs in 
which it is. Then for each run p G TZi, there is a position l such that (l,2.i) £ p. Let pi 
be the partial run {a \ a G p,a (l,2.t) }, that is the minimal run that triggers a; we have 
{a.P \ R)/p\ = {i^x){P I R') for some R'; let p2 = p\ Pi, so that p2 is a run of P \ R' and 
{a.P I R)/p = {i>x){P I R')/p2. Let S be the set of triples {pi,R',p2) for all p £ TZi. Obviously 
7?. (a.P I ii) is in bijection with TZq^ S and 

{a.P\R)= ^ s{R/p)+ J2 <^P\R')/P^) 

Now let £ = { (pi, R') I 3/32, (pi: -R': P2) G 5 }, and let (pi, R') £ £. Since TZi contains all runs of 
a.P I R that trigger a, it contains all the runs of P | i?' since P \ R' can be reached from a.P \ R, 
so we have { p2 \ {pi,R', P2) € «S } = 'R-{P \ R'), hence 

^ s{iP\R')/p2)= E <ip\R')/p)= E 

(pi,fl',^)2)es {pi,R')eCp2en{p\R') {pi,R')ec 

By hypothesis, for all R' we have (P | i?') = (Q I so 

(a.P|P)= <R/P)+ E (0 I fi'> = I ii) 

since the reasoning above equally applies to Q. Therefore we get a.P ~ a.Q. 

For parallel composition, let R and S be arbitrary terms, we want to prove {{P \R)\S) = 
{{Q \ R) \ S), in order to get P | i? ~ Q \ R. Let (p be the function over positions such that 
for all L, (p{l.l.L) = !.(., 99(1. 2. t) = 2.1.t and iyj(2.(,) = 2.l, and for all path p, let iy9(j3) be the 
path obtained by applying </? on all positions in p. Then is a bijection between the paths 
of (P I P) I S* and those of P | (P | 5), and it preserves homotopy so it actually provides a 
bijection between 7^((P | P) | S") and 7^(P | (P | S)). Moreover, for all p G 7^((P | P) | 5), we 
have s(((P | P) | = s((P | (P | S))/ip{p)), so ((P | P) | 5) = (P | (P | 5)). Similarly we get 

s{{Q \ R)\S) = {Q\{R\ S)), and by hypothesis we have P ~ Q so (P | (P | 5)) = (Q | (P | S)), 
from which we conclude. 

For parallel composition without interaction, let P and S be arbitrary terms, we want to 
prove ((P II R)\S) = {{Q \\ P) | S), in order to get P || P ~ Q || P. The technique used for 
parallel composition with interaction docs not apply here, because there is no simple form of 
associativity between the two parallel compositions. However, if the free names of P and P are 
disjoint, it is easily seen that P | P and P || P are equivalent, and this is the fact we will use here. 

Let A be a set of pairs (t, k) where t is the position of an action in P and n is the position 
of an action in S, such that these actions are on a free name and may interact with each other, 
and such that A is a partial injection (each position of P occurs at most once on the left, each 
position of S occurs at most once on the right) . Call this kind of set a synchronization and let 
S be the set of all synchronizations. We say that a run p G 7?.((P || P) | S) satisfies A, written 
p \\- A, ii the interactions between P and S in p are exactly those designated by A, that is if 
{{l,k) I {1.2.l,2.k) e p} = A. 
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commutativity P|Q~Q|P P||Q~Q||P 

associativity (P | Q) | i? ~ P | (Q | i?) (P || Q) || P ~ P || (Q || R) 

neutrality P | 1 ~ P P || 1 ~ P 

scope commutation {vx){v>y)P ~ {uy){vx)P 

scope extrusion {vx){P | Q) ~ P | {ux)Q with x ^ fn(P) 

scope neutrality {ux)k ~ fc 

non-interaction {P\\Q)\R~{P\ R) \\ Q with fn(Q) n fn(P) = 

place-holder _P P 

inaction {i/u)u^{x).P ~ 1 

non-interference {vu){u{x).P \ u{x).Q) ~ {uux){P \ Q) 

Table 2: Basic equivalences. 



We will define R^ and 5"^ to be rewritings of R and S such that the pairs (t, k) are guaranteed 
to interact. For this purpose, for each (t, k) G A, let a^^K and Wi^^ be fresh names: a^^^ is a new 
name on which the pair will interact (in order to avoid conflicts with other names) and Wl^^ will 
act as a witness of (i, k), that will ensure that the pair actually interacts. Define R^ as the term 
R in which each action a'^{x).T at a position t such that there is an (t, k) G A is replaced by 
af i^{x).(T I w^K-l), and define S*"^ as the term S in which each action a^{x).T at a position k 
such that there is an (i, k) £ A is replaced by af ^{x).T (without w^^k)- Let Wa be any parallel 
composition of w^k.O | Wt.K-l for all l,k € A. 

If we now examine the runs of (P | P'^) | (5"^ | Wa), we observe that if a run p does not 
trigger the actions of a given pair (t, k) G A, then it must contain the reduction of wij.O | i/)t,K-l 
into _0 I _1 (because runs are made of maximal paths), so the outcome of this run is 0. On 
the other hand, if all the interactions given by A occur in p, it is still possible that some of the 
w^K-O I WtjK-l reduce into _0 | _1, but there is one possibility that each w^.^A interacts with the 

in R^. From a run that satisfies this condition, we can deduce a unique run of (P || P) | 
that satisfies A, and reciprocally from a run of {P\\R)\S that satisfies A we can deduce a unique 
run of (P I R^) \ {S^ \ Wa) that does not reduce any Wt,K-0. Moreover, this bijection between 
runs preserves outcomes, so ((P | R^) \ (S^ \ Wa)) is the sum of all s(((P || R) \S)/p) for all runs 
p that satisfy A. From this we get the following decomposition: 

{{p \\R)\s) = J2J2 '(((p II ^) I syp) - E ((^ I ^■') I (^■^ I ^^)) 

A£S pl\-A AeS 

= E I I I ^^))) = E I (^■^ I I ^-4))) = HQ II R) I S) 
AeS Aes 

The equality ((P | P-^) | (5^ | Wa)) = (P | (P^^ | (S"^ | M^a))) is justified by the same argument 
as above for parallel composition, and the substitution of Q for P is the hypothesis P Q. The 
final equality is the same reasoning for Q as for P above. 

The equality {{vx)P \ R) = {{vx)Q \ R) is justified by the fact that {{i'x)P \ R) and (P | R) 
are equal if the name x is fresh with respect to R. □ 

Proposition 3. The equivalences of table[^ hold. 

Proof. For commutativity of composition with interaction, consider three terms P, Q, R. We first 
establish a bijection between 7^((P I Q) I P) and 7?.(((3|P)|P). Let be the function over positions 
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that exchanges II and 1.2 at the beginning of words, i.e. </?(!. l.t) = 1.2. o, (p{1.2.L) = 1.1. o and 
(P{2.l) = 2.L for all position l. For all path p, define ip{p) as the path obtained by applying ip to all 
positions in p. Then clearly, for all path p ol {P\Q)\ R, ip{p) is a path of {Q\P)\ R. Moreover, for 
all paths p and q, p ~ q if and only if ip{p) ~ fiq)- Therefore cp is a bijection between TZ{{P \Q)\R) 
and TZ{{Q \ P) \ R). Besides, since K is commutative, we have ((P | Q) \ R/p) — {{Q \ P) \ R/Lp{p)) 
for aU P, Q, R and p, so we have ((P \Q)\R) = {{Q \ P) \ R). 

For associativity, we use the same technique with relabeling function defined as Lpil.l.l.i) — 
1.1. i, (p(1.1.2.i) = 1.2.1.1, lp{1.2.l) — 1.2.2. L for all l and — k for all other positions k; the 
final argument is associativity of the product in K. For neutrality, we use (^(1.1. t) ~ '/'(l.t) for 
all L and '^^{k) — k for all other positions k, and conclude by the neutrality of 1 in K. 

For parallel composition without interaction, the same arguments apply. For the non- 
interaction rule, a similar argument applies, using the fact that there can never be any interaction 
between Q and R if they do not share any free name (this property is specific of the ttI calculus) . 

For the scoping rules, we simply remark that {(v'x)P | Q) = (P | Q) if a; is a fresh name, since 
names have no influence on outcomes. 

For the place-holder rule, (_P | Q) — {P \Q) is proved by applying the function tf such that 
(p{l.l.t) = l.t for all L and fin) for all other k. This establishes a bijection between TZ{-P \ Q) 
and TZ{P \ Q) since the _ is never involved in any transition. 

For the inaction rule, remark that in a term {vu)u'^{x).P \ R, there can be no transition 
involving u^{x), hence all runs are made of labels of the form (2.t, 2.k), so the runs of {i/u)u'^ {x).P\ 
R are the runs of R with an extra 2 in front of each position, moreover the outcomes are the 
same since s{{i'u)u^{x).P) = 1. 

For the non-interference rule, remark that all runs of {uu){u{x).P \ u{x).Q) \ R contain the 
transition (1.1, 1.2), because of maximality and the fact that R cannot provide actions on u. The 
reduct by this transition is {i>ux){-P | -Q) | P, and its runs are those of the original term without 
(1.1,1.2), so it has the same outcome. We thus have {vu){u{x).P \ u{x).Q) ~ [vux){_P \ -Q), 
and the equivalence {v>ux){-P | _Q) ~ {vux){P \ Q) follows from the previous rules. □ 

The non-interaction rule is formulated as it is for generality. Note that it implies the intuitive 
fact that the two compositions coincide for terms with disjoint free names: if fn(P) n fn(Q) 
then 

P I Q ~ (1 II P) I Q ~ (1 I Q) II P ~ II P ^ P II Q. 

Thanks to these properties, when considering processes up to observational equivalence, we 
can consider the compositions to be associative and commutative. In this case we use the notation 
Hie/ Pi to denote the parallel composition without interaction of the Pi in any order (assuming 
only that / is finite). 

3.2 The space of processes 

In order to study processes up to observational equivalence, we will now describe some of the 
structure of the space of equivalence classes. The first ingredient is to identify an additive 
structure that represents pure non-determinism. 

Proposition 4. Let IIk he the set of equivalence classes of processes over the semiring of out- 
comes K. For all terms P and Q and all outcome k, define 

P ® Q {uu){{u.P I u.Q) I u.l) where u is a fresh name, 
k- P ■.= k\P 

Then (IIk, ffi, 0, ■) is a K-module, parallel compositions are bilinear operators and hiding is linear, 
i.e. the equivalences of table\3[hold. 
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Commutative monoid for ©, 0: 



P®Q^Q®P {P®Q)®R~P®{Q®R) P®Q~P 
Action of the semi-ring K: 

1 • P ~ P kik2 ■P^ki-k2-P 

0-P~0 {ki+k2)-P'^ki-P®k2-P k-{P®Q)^k-P®k-Q 

Bilinearity of compositions, linearity of hiding: 

P I (Q ® P) ~ (P I Q) ® (P I P) P\{k-Q)~k-{P\Q) 

P\\{Q®R)- (P II Q) ®{P\\R) P\\{k-Q)~k- (P II Q) 

{ux){P ® g) ~ {vx)P ® {i>x)Q {ux){k -P) ~k - {vx)P 



Table 3: K-module laws over processes. 



Proof. We first show that, for all terms P, Q and R, ((P ® Q) | P) = (P | P) + (Q | P). Consider 
7?.((P ffi Q) I P) = TZ{{vu){{u.P I u.Q) I u.l) I P). It is clear that any run contains an interaction 
of u.l with either u.P or u.Q, since none of these may interact with anything else. We can thus 
write TZ{{P ffi Q) | P) = Ti-i W TZ2 where TZi is the set of runs that contain (1.1.1, 1.2) and 7^2 is 
the set of runs that contain (1.1.2, 1.2). The runs in TZi are the runs of {i/u){{u.P 1 1) | -O) | P and 
each of these runs has the same outcome in both terms, so 

J2 4iiP ® Q) I R)/P) = {{t^u){{u.P \l)\u)\R) = {P\R) 

by the equivalences of table [51 By a similar argument, we get the same for TZ2 and {Q \ R) so we 
finally get ((P ® Q) | P) = (P | P) + (Q | P). 

This equality and the fact that (K, +, 0) is a commutative monoid implies that (IIk, ®, 0) is 
a commutative monoid (where is the atomic term with outcome 0). 

For any terms P and Q and any outcome k, it is clear that {{k | P) | Q) = A: (P | Q), since the 
term k has no transition and contributes k multiplicatively to all outcomes of the term. This 
directly implies that the operation k ■ P has all required properties. 

For the bilinearity of compositions, consider arbitrary terms P, Q, P, S. By previous results, 
we have 

((P I (Q ® P)) I S) = HQ ® P) I (P I S)) = (Q I (P I S)) + (P I (P I S)) 

= ((P \Q)\S) + ((P \R)\S)^ (((P I Q) ® (P I P)) I S) 

This proves that parallel composition distributes over ®, and the fact that is absorbing is 
equivalent to the rule • P ~ 0. The same rules for parallel composition without interaction can 
be proved by similar arguments about the partition of TZ{P \\ (Q ® P)) into runs that choose Q 
and runs that choose P. 

For hiding, consider arbitrary terms P,Q,R and let x be a name. Assume (without loss of 
generality) that x does not occur in P. Then we have 

((ivx)(P (SQ)\S) = ((P ® Q) I 5) = (P I S) + {Q I S) = {{vx)P \ S)®{{ux)Q \ S) = {{{vx)P ® {vx)Q) \ S) 
The equivalence {vx)Q ~ is one of the rules of table [51 □ 
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Linearity: 



a.{P®Q) ~ a.P®a.Q 



a.{k ■P)~k- a.P 



{vu)if{x).P ~ 



Composition of inactions (the subject of (3 is not bound by a) 



a.(/3.0 I P) 
d.(/3-0 II P) 



/3.0 I a.P 
/3.0 II a.P 



a.O I a.O ~ a.O 
a.O II a.O ~ a.O 



a.O I a.O ~ 



Table 4: Laws of linear actions and inactions. 



Remark that all syntactic constructions induce linear constructions on equivalence classes, 
except for the action prefix, which is not linear but actually affine. Indeed, for an action a, 
the term a.O is not equivalent to 0: it will be neutral in executions that do not trigger a, and 
multiply the outcome by (thus annihilating it) in runs that do. It can be understood as a 
statement "I could have performed a but I will not do it" so that any run that contradicts this 
statement has outcome 0. The purely linear part of actions is the opposite: the linear action 
a.P will act as a.P if its environment actually triggers the action, but will turn to if it is never 
activated. 

Definition 8. For all action a and term P, the linear action of a on P is 



An interaction is said to trigger the linear action if it triggers the action w.\. Terms of the form 
a.O are called an inactions. 

This definition has the expected behaviour because of the maximality of runs. If a.P is in 
active position, then any run that does not trigger a must instead trigger w.O, hence any such 
run has outcome 0. A run in which the term a.P does not produce must activate a, so that 
w.l acts instead of w.Q. 

Proposition 5. For all a and P , a.P ~ a.P © a.O. The function P i— > a.P is linear and the 
equivalences of table [7] hold. 

Proof. We first prove a.P ~ a.P ® a.O. Consider an arbitrary term Q call TZi the set of runs of 
a.P\Q that contain a transition (1, i), i.e. runs that trigger a, and let TZq be the set of runs that do 
not. The runs of TZq are also runs of a.OlQ, moreover for each run p S TZ{a.Q\Q)\R-Q the action a is 
triggered so contributes to the outcome and s((a.O | Q)/ p) = 0, hence X^peTCo ^ii^-P \ Q)/ P) = 
(a.O I Q). Now consider a run p G TZi. By definition, there is a k such that (1,k) G p. We 
deduce from p a run p' of a.P as follows: let f be the function that maps each 1.1. t to l.l.l.l.t 
and all other positions to themselves; set p' := <f{p \ (1,^)) U {(1.1, k), (1.1.1.2, 1.2.2)}. This 
literally means that p' is p where all positions in P are shifted to reflect their positions in 
{uw){a.{P I w.l) I (w.O I w.O)) I Q, (1,k) is shifted to reflect the new position of a, and the 
interaction between w.l and w.l is added (which is valid since it is freed when a is triggered). 
Clearly p' is a run of a.P \ Q and s((d.P | Q)/p') = s((a.P | Q)/p). The mapping p ^ p' 
is objective, and its image is the set of runs of a.P \ Q that trigger w.l. By maximality, any 
other run of a.P \ Q must trigger w.O, hence the outcome of all other runs is 0, which implies 



(a.P I Q) = Y^nen s{{a.P \ Q)/p). We can finally deduce (a.P \ Q) = (a.O | Q) + {a.P \ Q) and 



a.P :~ {uw){a.{P \ w.l) \ [w.Q \ w.l)) where w is a fresh name. 



conclude. 
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For linearity, we use the fact that {a.P \ Q) is the sum of the s{{a.P \ Q)/p) for the runs 
p that actually trigger a (and the witness action w.l). If P = fc | P', these runs are the same 
in a.(k \ P') \ Q and d.(l | P') | Q, but the outcomes are multiplied by k in the first case, so 
(d.(fc \P')\Q) = k- I P') I Q) and a.{k | P') =i fc | d.(l \P')~k\ a.P'. If P = Pi ® P2, 

the choice is eventually active in all relevant runs, so each of these runs triggers either Pi or 
P2. We can thus establish a bijection between 7^(d.(Pi © P2) | Q) and the disjoint union of 
TZ{a.Pi I Q) and TZ{a.P2 \ Q). Since outcomes are preserved by this bijection, we finally get 
(d.(Pi ® P2) I Q) = (d.Pi I Q) + {a.P2 I Q) and (Pi © P2) | Q ~ (Pi | Q) © (P2 | Q). 

The equivalence [uu)u'^{x).P ~ can be deduced from previous equations: 

(uu)u^(x).P = {uuw){u''{x).{P I w.l) I (w.O I iD.l)) 

~ {uw){{h'u)u^{x).{P I w.l) I (w.O I w.l)) 

~ (ivw)(l I (w.O I w.l)) ~ {uw){w.Q I w.l) ~ (z^u;)(0 | 1) ~ 

For the equivalence a.{f3.Q \ P) ~ /3.0 | d.P, assuming the subject of (i is not the bound name 
of action a, let Q be an arbitrary term and consider 7?.(d.(/3.0 | P) | Q). Any run that does not 
trigger d or that triggers both d and /3 has outcome 0, so the only relevant runs are those that 
trigger d but not (3. Clearly these runs are in bijection with the runs of (/3.0 | d.P) | Q that 
trigger d and not /3, by a simple rewriting of the positions. Moreover, this bijection preserves 
outcomes, so the sums of the outcomes of these runs are the same. A similar argument proves 
d.(/3.0 II P) ~ /3.0 II d.P. 

For the composition of inactions, the relevant runs of a term (a.O | a.O) | P or (a.O || a.O) | P 
are those that do not trigger any occurrence of a, so the number of such occurrences does not 
matter. Finally, we get a.O \ d.O ~ by the remark that all runs of (a.O | d.O) | P must trigger one 
of the inactions: either a.O interacts with P, or d.O interacts with P, or none of these happen 
and a.O and d.O must interact together, by maximality of runs. □ 

Definition 9. A term is simple if it is generated by the grammar 

P, Q := 1, a.O, d.P, (P I g), (P II Q), {ux)P 

An pre-trace p G P(P) is exhaustive if it triggers all linear actions and no inaction, and no 
sub-term of P/ p has the form Q \ R with Q containing some a.O and R containing d.O. The set 
of such pre-traces is written Ve{P)- 

Simple terms have the property that the outcome of any run is either 1 or 0. More precisely, 
it is easy to see that the outcome of a run is 1 if and only if it triggers all linear actions and no 
inaction. The notion of exhaustive pre-trace is the correct extension of this notion to pre-traces, 
indeed every run of a simple term P | Q with outcome 1 is made of an exhaustive pre-trace of 
P and an exhaustive pre-trace of Q. The condition on P/ p simply rules out interactions of P 
that lead to a term P' where there are dual inactions that may interact, since that would imply 
P' ~ 0, as a generalization of the equation a.O | d.O ~ 0. 

Remark that, by the decomposition of proposition [5] and the linearity of all constructions 
of simple terms, we immediately prove that every term is equivalent to a linear combination of 
simple terms. As a consequence, two terms P and Q are equivalent if and only if for all simple 
term i?, (P | P) = (Q | R). 

4 A linear algebraic semantics 

The equivalence of finite processes is defined by the fact that they give the same outcome when 
tested against the same finite processes. The equivalence class of a term P is thus completely 
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defined by the function Q ^ {P \Q), which can be considered as a function from equivalence 
classes to outcomes. Moreover, by the properties of the space of processes, we know that this 
function is linear. 

Definition 10. A behaviour is a linear form over IIk. A partial behaviour is a linear form 
defined over a submodule of IIk. The behaviour of a term P is the form |P| such that, for all 
QgHk, IPKQ) = {P\Q). 

Switching from a space to its dual makes the space of considered objects grow, as we will see 
below. In our context, it allows us to move from inductive objects (finite processes) to coinductive 
objects (intuitively, this includes infinite terms). This technique is in some sense analogous to 
the basic idea of the theory of distributions: consider a generalized function as a linear form over 
simple well-behaved objects (smooth test functions, as analogous of our finite terms). 

We now describe a way of giving semantics to infinitary processes, showing that recursive 
process definitions have solutions as partial behaviours. 

Definition 11. We assume we have a set I of process indeterminates of the form X{xi . . . Xn), 
which represent an unknown term with free names xi . . .Xn- The set of partial terms is generated 
by the same grammar as finite processes (as of definition [Ij , augmented with indeterminates. 
The set of indeterminates of a partial term P is written ind(P). 

The refinement preorder is the relation C over partial terms such that P C Q if Q is obtained 
from P by substituting each indeterminate by an arbitrary term with the same free names. The 
relation E/ is its restriction to the case when the right-hand side is a finite term. 

Definition 12. Let P be a partial term. If there is a fc e K such that (Q) = k for all finite Q 
with P Q, then we set (P) = fc, otherwise (P) is undefined. The interpretation |P] is the 
partial function Q i— > {P \ Q) from IIk to K. Two partial terms are equivalent if the have the 
same interpretation. 

This is clearly an extension of the semantics of total terms, since the set of refinements of a 
total term P is {P}. One easily checks that this definition of the interpretation of partial terms 
enjoys the same properties as finite terms: 

Proposition 6. For all partial termP, |P| is a partial behaviour. The equations of tables\^ and 
hold for partial terms. Interpretations are preserved by injective renaming of indeterminates. 
Equivalence is preserved by prefixing, hiding and composition with partial terms with distinct 
indeterminates. 

Proof First, remark that for all P P', (P' | 0) = 0, hence (P | 0) so |P] is defined on 0. 
Now assume |P] is defined on Q and P, for all P C/ P' we have (P' \ {Q ® R)) = {P' \Q) + 
(P' I R) = |P]((3) + IP}{R) so |P| is correctly defined on Q © P. The same argument apphes 
for |P](fc ■ Q) = k ■ |P](Q). As a consequence, |P] is indeed a partial behaviour. 
Let P, Q, R be partial terms. The relation 

{ ((P' I Q') I (Q' I ^') I \P^f P',Q^f Q',RQf R'} 

is obviously a bijection between total refinements of (P | Q) | P and total refinements of (Q | P) | R, 
and this bijection preserves outcomes because of the equation P | Q ~ Q | P for total terms. As 
a consequence we have ((P | Q) | P) = ((Q | P) | P) for aU P, which imphcs [P | Q] = IQ | PJ. 

The same argument applies for all other equations. For scope extrusion and non-interaction, 
we use the fact that indeterminates have a fixed set of free names. For the equations in which a 
sub-term is duplicated (distribution of compositions over ©), we use the fact that all occurrences 
of a given indeterminate are replaced by the same term when refining. 
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If P is a partial term and Q is a refinement of P obtained by injectively renaming the 
indeterminates of P, then for all total R we clearly have P C i? if and only if Q E i?, so P ~ Q. 

Let P, P', Q be partial terms such that P ~ P' and ind(P) n ind(Q) = ind(P') n md{Q) = 0. 
Then the refinements of P | Q are the compositions of a refinement of P and a refinement of 
Q, chosen independently since ind(P) n md{Q) = 0. Let R be an arbitrary total term. If 
((P \Q) \ R) is defined and has value k, then for all refinements P Qf P" and Q Q" we 
have ((P" I Q") I P) fc so ((P | Q") \ R) = k, therefore ((P' | Q") \ R) is defined and has value 
k, hence ((P' | Q) | P) = /c and P' | Q ~ P | Q. Analogous reasoning yields P' || Q P || Q. 
Preservation of equivalence by other syntactic constructs is immediate. □ 

Definition 13. An ideal is a non-empty set A of partial terms that is downwards closed and 

such that for all P,Q E A there is an P G A such that P n R and Q \Z R. The interpretation 
of an ideal A is the upper limit of the interpretations of its elements, that is the partial function 
{A} such that for all P, [AI(P) = if [(31(P) = k for some Q & A. 

The definition of \A\ is valid since interpretation of partial terms is clearly increasing, when 
ordering partial terms by refinements and partial functions by extension (or graph inclusion). 
Note that for all total term P, the set { Q | Q E/ P } is an ideal that has the same interpretation 
as P. 

The set of ideals, ordered by inclusion, is not well founded: if (.x',i),)gN is an infinite family of 
names, then each set ^„ = { , . . . , a;,) | i ^ n } is an ideal and { A„ | n £ N } is an infinite 
descending chain. However, if we restrict to a finite number of public names (which does not 
change expressiveness, since boimd names arc not restricted), then the set is well-founded, and 
the smallest ideal is the set of all indeterminates with the set of all free names. 

Every syntactic construction for total terms naturally induces a construction for ideals, for 
instance the parallel composition A\B \s the downwards closure \s { P \ Q \ P E A. Q E B } for P 
and Q chosen with disjoint indeterminates. All these constructions are increasing for inclusion. 
Moreover, the union of a directed set of ideals is an ideal, so every equation X = A{X) has a 
sohition in ideals (the least fixed point of X A{X), i.e. the luiion of the A^{0)). Consequently, 
all processes definable by recursion are interpreted by partial behaviours. 

5 Asynchronous traces 

Simple terms remove one source of ambiguity in the meaning of processes: the fact that each 
action may or may not be activated. By linearity, they also reduce the computation of outcomes 
to the computation of the number of non-zero outcomes. However, they do not form a basis 
of observable process behaviours, because they may contain internal transitions, which are not 
observable and can be a source of non-determinism. 

A trace as defined below can be seen as a deterministic simple term, up to observational 
equivalence. It has visible actions, with a partial order imposed by some internal prefixing 
structure, and these actions may not interact with each other, only with the environment; it also 
contains inactions, representing the fact that the choice was made not to do some of the actions. 

Definition 14. A trace T is a tuple (|T| ,p, s, N) where 

• |T| is a finite set (the events, or action occurrences), 

• p is a function from \T\ to P (the polarity), 

• s is a function from |T| to iV ttl |T| (the subject). 
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• ^ is a partial order over |T| such that Va, 6 S |r|, if s{b) = a then a < b, 

• is a finite subset of P x {N y |r|) (tlie inactions). 

For an action a e |r|, s{a) is the subject of action a, that is the channel on which a happens: 
if s{a) G N then it is a public channel, otherwise it is the private channel bound by the action 
s{a). The set N indicates which actions could have been performed (in parallel) after the trace 
has been consumed. 



5.1 Traces as basic terms 

Definition 15. Let P be a simple term and let p be an exhaustive pre-trace of P. The trace 
induced by p is the trace p* such that 

• |p*| is the set of visible transition labels in p, 

• p maps labels to their polarity, 

• s maps labels to their subject, either the name for public channels or the action that creates 
the name for private channels, 

• ^ is the causal order (as of definition [6|) restricted to visible transition labels, 

• is the set of all (e, u) such that u'^.O occurs in active position in P/p. 

Note that the condition that s{b) — a implies a < 6 is satisfied by p*, because in our 
language the action prefixes are synchronous: in an action u{x).P, the action u{x) that binds x 
is automatically a prefix of all actions on x. However, synchrony is not necessary for this property 
to hold:, the fact that the name is bound is the important point: even if internal transitions can 
occur on a bound name, visible transition are possible only after the name has been revealed by 
the action it is bound to. 

The definition above identifies the trace that is the observable content of a pre-trace. With 
some coding, we can prove that any trace can be implemented in the calculus, in the sense that 
for every trace T there is a term {T} that has a unique exhaustive pre-trace p, the content of 
which is T. 



Definition 16. Let T be a trace. For all a and b in |T|, let Xab,yab, Za be fresh names. For all 

P(a), 
s(a)l 



a 6 |T|, let act(a) = s{a)P'-''\za) if s{a) € N and act(a) = z&Uza) if s{a) € \T\ and define 



:= {Xba}b<a-act{a).( UaKcVa 



ns(c)=Q A"^ 



Il{£,a)i£N 



where {xba}b<a represents a sequence of prefixes that contains all actions Xba for all 6 < a, in 
any order. The implementation of T is the process 

Yla<byab-Xab ] \\ Il{£,u)eN,ueN ''^'^ 



{T} := {l^Xabyab)a,be\T\ I\s(a)eN At 



s{a)el 

The intuition is the following: each action in T is translated by the linear action it describes, 
which provides the right set of visible actions. Inactions are translated straightforwardly. The 
ordering is imposed by communication on internal names: for each action a, the translation 
act(a) is prefixed by a blocking input Xba for each action b < a. Activating this action frees the 
signals Xac for all c > a, which guarantees that the order is respected. We cannot implement this 



15 



system one set of names Xab, because the actions act(a) must be composed without interaction, 
in order to avoid internal transitions between actions that are supposed to implement visible 
transitions. We thus split each signal into two names, Xab and yafc, and put in parallel (with 
interaction) a set of forwarders yab-Xab that performs the synchronization between signals. If the 
subject of an action a is the bound name of an action b, then act(a) is put in the continuation of 
action act (6), which imposes an order between this action; this is compatible with the constraint 
b < a from the definition of traces. 

Proposition 7. For all trace T, the term {T} is simple, has a unique exhaustive pre-trace p 
and p* ~T . 

Proof. The fact that {T} is simple is obvious by definition of {T}. 

Let us first build an exhaustive pre-trace of {T}. Let (ai)i^i^„ be a topological ordering of 
\T\. We deduce a sequence of terms (i'OisSj^n+i such that for each i < n there is an interaction 
from Pi to Pi+i made of a transition act(ai) : t and internal transitions. Let Pi = {T}. Let i 
be an integer such that 1 ^ z ^ n, assume Pi is a reduct of {T} that contains the act(aj) for all 
j ^ i and in active position all the Xa^ak such that j < i ^ k and aj < a^. Then the term A^. 
occurs in active position in Pi and the prefix {xa^a^ajKai can be consumed, which puts act(ai) 
in active position. We can then apply a transition act(ai) : l for some t followed by an internal 
transition that consumes the w.l contained in the linear action (as of definition [H]) . This puts 
in active position the i/ai+iaj for all Oj > ai, and each of these can interact with the ijaiaj -Xaiaj , 
which puts in active position the Xa^aj- By this interaction we reach a state Pi+i that satisfies 
the condition we assumed on Pi. Applying this method until i = n gives a term Pn+i in which 
everything except the u^.O has been consumed, so this provides a exhaustive pre-trace p of {T}. 

Now, let p' be another exhaustive pre-trace of {T}. By definition, p and p' trigger the same 
actions in {T}. From this we can deduce that p and p' contain the same transition labels, indeed 
the actions act(a) are necessarily consumed by visible transitions since they arc joined together 
by a composition without interaction and the only composition with interaction they are involved 
in is with the names Xab and yah. On the other hand, all actions on these names are consumed 
by internal transitions, and for each such name there is exactly one linear input and one linear 
output so there is only one possible internal transition for each name. As a consequence the sets 
of actions of p and p' are the same so p = p' . 

Let us now prove that p* = T. The only thing we have to check is that the causal order 
of p is the order of T. First consider two events a,b € \T\ with a < b. The action act(6) in 
{T} is prefixed by Xab (and possibly other actions), and Xab is prefixed by ijab, which is itself 
prefixed by act(a), so the transition act(a) is before the transition act(6) in p. Then consider 
two incomparable events a and b. There is a topological ordering of |r| that places a before b 
and another that places b before a, so by the construction above we can construct an interaction 
in p for each case, which proves that the transitions act(a) and act(6) are incomparable in the 
causal order of p. □ 

This result justifies that {T} is considered as an implementation of T. The proposition below 
proves that traces are actually the part of interactions that are observable by interaction. 

Proposition 8. For all simple term P, P ^ ©pep (p) {P*}- 

Proof. Let Q be a simple term. The term P | Q is simple, so the outcome of a run of this term is 
either 1 or 0. Let p be a run with outcome 1. This implies that no inaction of P | Q is triggered 
in p and that each linear action is triggered. 

Call p^ the projection of p on P. Formally, p^ is obtained from p by replacing each transition 
l.a with a, removing every transition 2. a and replacing each transition (l.i, 2.k) with the a : l 



16 



that is the left premise of the derivation of (l.t, 2.k). Note that the order on need not be 
the restriction to of the order on p, it is only a subset of this order. Call p^ the analogous 
projection on Q. 

Since the outcome of p is 1, the pre-traces p^ and p^ are exhaustive pre-traces of P and Q 
respectively. Let p' be the unique exhaustive pre-trace of {(p^)*}. By construction, there is a 
bijection between the positions of the visible actions of p^ and those of p' , which establishes a 
bijection between runs of P | Q with outcome 1 that project on P as p^: 

{d\den{P\Q),^^ ^p\ s{{P I Q)/d) = 1 } 

and runs of {(p^)*} | Q with outcome 1: 

{^|^e7^({(plr}|Q), s{{{{p'r]\Q)/i)) = l]. 

This bijection preserves outcomes, so we have 

^ s{{P\Q)/a) = {{{p^Y]\Q) 
cre7^e(P|Q) 

Summing for all potential values of p^, i.e. all exhaustive pre-traces of P, yields 

{p\Q)= E <ip\Q)/^)= E {{^p'y]\Q) 

from which we can conclude. □ 

We can thus consider traces as terms of the language. Indeed, given a trace T, all simple 
terms that have a unique exhaustive pre-trace p with p* = T are equivalent to {T}. When 
precise syntactic information is needed, T used as a term is a short-hand for {T}. 

Theorem 2. Every term is equivalent to a linear combination of traces. 

Proof. By the decomposition of affine actions from proposition O we get that every term is 
equivalent to a linear combination of simple terms. By proposition [HI each simple term is in turn 
equivalent to a sum of trace implementations. The composition of these equivalences, with the 
module structure of IIk, yields a decomposition of every term as a linear combination of trace 
implementations. □ 

5.2 Pure trace semantics 

We can thus define a semantics of processes based on traces, as of definition [T31 by reformulating 
the various constructions for combinations of traces. As an example we give a reformulation of 
testing for traces. In the definition below, for two traces T and U, if / is a function from |r| 
to \U\, then / is implicitly extended to a function from |T| t) A?" to \U\ 1+1 A/' as the identity over 
names. 

Proposition 9. Let T and U be two traces, {T \ U) is the number of synchronizations ofT and 
U, that is bijections a from \T\ to \U\ such that 

• for all a G \T\, pu{a{a)) — -^pxia) and suicr{a)) = a{sT{a)), 

• the relation { (a, b) \ a b or cr(a) a{b) } is acyclic, 
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• for all {e,x) G Nt, {^s,a{x)) ^ Nu- 

Proof. Let P = {T} \ {U}. By proposition [S] we have P ~ 0pe-p,(P) {p*} hence (P) = 
SpGPelP) ^^P*^^- Clearly, for all trace V, {V) is 1 if \V\ = and otherwise, so {P) is the 
number pre-traces p G Ve{P) such that \p*\ is empty. 

Consider such a pre-trace p, by definition p triggers all linear actions in {T} and {[/}, so 
p^ and jO^ are the unique exhaustive pre-traces of {T} and {U} respectively. The relation 
{ (i, k) I (l.t, 2.K,) G /O } establishes a bijection between positions of actions in {T} and {C/}, which 
implies a bijection a : \T\ ^ \U\. Clearly, for all a G |r|, we have pt/(a(a)) = ^pria) since an 
action can only interact with an action of the opposite polarity. It is also easy to prove that 
S[7(cr(a)) = cr(sT(a)), since two actions that interact are either on the same public name or on 
private names that are unified by the interaction of previous actions. Consider two transitions 
(ta, fia) and (tft, Kb) in p, that correspond to the pairs of actions (a, cr(a)) and (6, u{h)): if a S^t b 
then the action at La must occur before the action at t;,, so (iq, Kq) ^ (tf,, Kf,); the same argument 
applies if <j{a) o'lb), so the order contains the orders and ^u, which proves that 
the union of these orders is acyclic. Finally, if there were e G P and x G TV tt) |T| such that 
{e,x) G Nt and (-'e,a{x)) G Njj, then the run p could be extended with an interaction between 
the inactions associated with them, and the outcome would be 0. Therefore cr G S{T, U). 

Reciprocally, let cr be a synchronization of T and U. The relation { (a, b) \ a b or a{a) <j{b)} 
is acyclic, so there is a non-decreasing enumeration |r| = {ai, . . . , a„} such that cr{ai), . . . , a{an) 
is also non-decreasing. Then there is a path p G {T} that reaches ai, . . . , a„ in this order and 
a run q G {U} that reaches (T(ai), . . . ,(T(a„) in this order. By combining p and q we get a 
path r G P. Indeed, for each i we have p{a{ai)) — -^p{ai) and s{a{ai)) = a{s{ai)) so either 
tti and a{ai) have the same public name as subject, or their subjects are two bound names 
and Zs(a{ai))- Since s{ai) < Ui by definition, there is j < i such that s{ai) = aj and then 
s{a{ai)) = cr(aj), so the subjects of at and <7{ai) are unified by the interaction between aj and 
<y{aj). In any case, the actions ai and a{ai) can interact. The term P/r is the composition with 
interaction of {T} /p and {[/} /g, and these terms are compositions without interaction of the 
inactions that correspond to Nt and Njj respectively. The condition that (-i£,(t(x)) ^ Njj for 
all {s,x) G Nt guarantees that no further interaction can occur, therefore r is a maximal path 
of P and s{P/r) = 1. 

These construction establish a bijection between S{T, U) and the runs of {T} and {U} with 
outcome 1, which proves the expected result. □ 

We will not develop the trace semantics further here for lack of space, but the abstract 
reformulation of outcomes above gives an idea of the construction: a finite process is interpreted 
as a linear combination of traces and all basic operations are defined independently of the semiring 
K. The linear action prefix maps traces to traces, inactions are basic traces, composition without 
interaction is a disjoint union of traces, composition with interaction maps a pair of traces to a 
combination of traces with integer coefficients, hiding {fu) maps traces that contain an action 
on u to 0, and remove inactions on u from other traces. 

6 Classic forms of test 

By choosing appropriate structures for K, we can recover the standard may and must testing. 
In both cases we have K. = {0,1, w}, where w represents success. Table [S] show the rules for 
addition and multiplication for may and must. Using this definition it is clear that P and Q are 
equivalent for may or must testing if and only if, for all {P \ R) = uj if and only if {Q \ R) ^ lo. 
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Table 5: Observation semirings for may and must testing. 

Taking for K the minimal semiring {0, 1} with 1 + 1 = 1 gives the framework studied by the 
author in a previous work Ij, which also leads to must testing semantics. 

These semirings share an important property, namely that all elements are idempotent for 
addition. This is an important restriction, in particular it implies that summing outcomes cannot 
count the number of successes or failures. In other words, the "quantitative" part of our testing 
semantics disappears. We can remark that this constraint imposes to forget non-interleaving, 
since it allows us to decompose everything as totally ordered traces. 

Theorem 3. Ifyx,x + x — x, then IIk is generated by totally ordered traces. 

Proof. We prove the equivalent fact that each trace is equivalent to the sum of all its total 
orderings. Let T and U be two traces. Call O the set of total orders over \T\ that contain 
and for each R G O, call Tr the trace obtained from T by replacing the order with R. Let 

T' = ©Tjgo ^fl- 

By proposition [51 (T | U) is the number of matchings between T and U. This means that 
if there are n matchings, then {T \U) = 1 + • • • + 1 with n occurrences of 1. By hypothesis 
1 + 1 = 1, so {T \U) is 1 if there is at least one matching and otherwise. By the same 
argument, for all i? G O we have (Tr | U) € {0, 1}, hence (T' | [/) is 1 if there is at least one R 
such that (Tr \U) = 1 and otherwise. 

Assume {T \U) = 1, and let cr be a matching between T and U. Then a induces an order ^ 
on |T| such that a b and cr(a) fj[h) both imply a ^ b. Any completion R oi ^ into a total 
order yields a total ordering Tr of T such that (Tr | [/) = 1, which proves that (T' \U) = 1. 

Reciprocally, assume that (T' \U) = 1, then there is an i? £ O such that (Tr \U) — 1, then 
there is a matching a between Tji and U. Since the only difference between Tr and T is the 
order and is included in R, a is also a matching between T and U, hence {T \ U) — 1. □ 
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